From e6305f2c85bb6796b9f7ca4eafb02cb07bffdfdf Mon Sep 17 00:00:00 2001 From: George Taylor Date: Thu, 8 Aug 2024 13:10:24 +0100 Subject: [PATCH] :tada: Add kustomize patching for dev environment --- kustomize/dev/allowlist.yaml | 46 + kustomize/dev/kustomization.yaml | 9 + kustomize/dev/output.yaml | 2159 +++++++++++++++++++ kustomize/dev/patch-ingress-repository.yaml | 29 + kustomize/dev/patch-ingress-share.yaml | 30 + kustomize/dev/values.yaml | 10 + 6 files changed, 2283 insertions(+) create mode 100644 kustomize/dev/allowlist.yaml create mode 100644 kustomize/dev/kustomization.yaml create mode 100644 kustomize/dev/output.yaml create mode 100644 kustomize/dev/patch-ingress-repository.yaml create mode 100644 kustomize/dev/patch-ingress-share.yaml create mode 100644 kustomize/dev/values.yaml diff --git a/kustomize/dev/allowlist.yaml b/kustomize/dev/allowlist.yaml new file mode 100644 index 0000000..e67e172 --- /dev/null +++ b/kustomize/dev/allowlist.yaml @@ -0,0 +1,46 @@ +- "3.11.29.246" # legacy delius-mis-dev-az1-nat-gateway +- "18.130.165.209" # legacy delius-mis-dev-az2-nat-gateway +- "35.178.35.115" # legacy delius-mis-dev-az3-nat-gateway +- "35.178.209.113" # Cloud Platform live-1-eu-west-2a +- "3.8.51.207" # Cloud Platform live-1-eu-west-2c +- "35.177.252.54" # Cloud Platform live-1-eu-west-2b +- "35.176.93.186/32" # MoJ GlobalProtect +- "35.177.125.252/32" # MoJ VPN Gateway Proxies +- "35.177.137.160/32" # MoJ VPN Gateway Proxies +- "81.134.202.29/32" # MoJ VPN +- "51.149.250.0/24" # PTTP / MoJO Production Account BYOIP CIDR range +- "51.149.251.0/24" # PTTP / MoJO Production Account BYOIP CIDR range - PreProd +- "213.121.161.112/28" # 102 Petty France WiFi +- "217.33.148.210/32" # Digital studio +- "13.43.9.198/32" # MP non_live_data-public-eu-west-2a-nat +- "13.42.163.245/32" # MP non_live_data-public-eu-west-2b-nat +- "18.132.208.127/32" # MP non_live_data-public-eu-west-2c-nat +- "51.149.249.0/29" # ARK Corsham Internet Egress Exponential-E +- "51.149.249.32/29" # ARK Corsham Internet Egress Exponential-E +- "194.33.192.0/25" # ARK internet (DOM1) +- "194.33.193.0/25" # ARK internet (DOM1) +- "194.33.196.0/25" # ARK internet (DOM1) +- "194.33.197.0/25" # ARK internet (DOM1) +- "195.59.75.0/24" # ARK internet (DOM1) +- "194.33.248.0/29" # ARK Corsham Internet Egress Vodafone +- "194.33.249.0/29" # ARK Corsham Internet Egress Vodafone +- "62.25.106.209/32" # OMNI +- "195.92.40.49/32" # OMNI +- "62.25.109.197/32" # Quantum +- "195.92.38.16/28" # Quantum +- "212.137.36.230/32" # Quantum +- "78.33.10.50/31" # Unilink AOVPN +- "78.33.10.52/30" # Unilink AOVPN +- "78.33.10.56/30" # Unilink AOVPN +- "78.33.10.60/32" # Unilink AOVPN +- "78.33.32.99/32" # Unilink AOVPN +- "78.33.32.100/30" # Unilink AOVPN +- "78.33.32.104/30" # Unilink AOVPN +- "78.33.32.108/32" # Unilink AOVPN +- "83.98.63.176/29" # Unilink AOVPN +- "194.75.210.216/29" # Unilink AOVPN +- "217.138.45.109/32" # Unilink AOVPN +- "217.138.45.110/32" # Unilink AOVPN +- "34.241.149.106/32" # Airflow in Analytical Platform +- "52.210.79.20/32" # Airflow in Analytical Platform +- "54.228.134.38/32" # Airflow in Analytical Platform diff --git a/kustomize/dev/kustomization.yaml b/kustomize/dev/kustomization.yaml new file mode 100644 index 0000000..eaf31f0 --- /dev/null +++ b/kustomize/dev/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../base + +patches: + - path: patch-ingress-repository.yaml + - path: patch-ingress-share.yaml diff --git a/kustomize/dev/output.yaml b/kustomize/dev/output.yaml new file mode 100644 index 0000000..67e52e8 --- /dev/null +++ b/kustomize/dev/output.yaml @@ -0,0 +1,2159 @@ +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "900" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "250" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "99999" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1200" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer-configmap +--- +apiVersion: v1 +data: + ALFRESCO_OPTS: -Ddeployment.method=HELM_CHART -Dalfresco.cluster.enabled=false -Ddir.license.external=/usr/local/tomcat/shared/classes/alfresco/extension/license/ + -Dalfresco.host=hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + -Dalfresco.protocol=https -Dalfresco.port=443 -Daos.baseUrlOverwrite=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + -Dcsrf.filter.origin=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + -Dcsrf.filter.referer=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/.* + -Dshare.protocol=https -Dshare.host=hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + -Dshare.port=443 -Delasticsearch.host=opensearch-proxy-service-cloud-platform-62a206e0.hmpps-delius-alfrsco-poc.svc.cluster.local + -Delasticsearch.port=8080 -Delasticsearch.user= -Delasticsearch.password= -Delasticsearch.createIndexIfNotExists=true + -Delasticsearch.indexName=alfresco -Dindex.subsystem.name=elasticsearch -Dtransform.service.url=http://alfresco-content-services-alfresco-router + -Dsfs.url=http://alfresco-content-services-alfresco-filestore:80 -DlocalTransform.core-aio.url= + -DlocalTransform.pdfrenderer.url=http://alfresco-content-services-alfresco-cs-pdfrenderer + -DlocalTransform.imagemagick.url=http://alfresco-content-services-alfresco-cs-imagemagick + -DlocalTransform.libreoffice.url=http://alfresco-content-services-alfresco-cs-libreoffice + -DlocalTransform.tika.url=http://alfresco-content-services-alfresco-cs-tika -DlocalTransform.misc.url=http://alfresco-content-services-alfresco-cs-transform-misc + -Dalfresco-pdf-renderer.url=http://alfresco-content-services-alfresco-cs-pdfrenderer + -Dimg.url=http://alfresco-content-services-alfresco-cs-imagemagick -Djodconverter.url=http://alfresco-content-services-alfresco-cs-libreoffice + -Dtika.url=http://alfresco-content-services-alfresco-cs-tika -Dtransform.misc.url=http://alfresco-content-services-alfresco-cs-transform-misc + -Ds3.bucketLocation=eu-west-2 -Ds3.bucketName=cloud-platform-5ce784402d8052fe1cd006f1e7329f70 + -Devents.subsystem.autoStart=false + CATALINA_OPTS: $ALFRESCO_OPTS -Ddb.driver=org.postgresql.Driver -Ddb.url=jdbc:postgresql://cloud-platform-f05612b0b7cdbf33.cdwm328dlye6.eu-west-2.rds.amazonaws.com:5432/alfresco + -Ddb.username=$DATABASE_USERNAME -Ddb.password=$DATABASE_PASSWORD -Ds3.accessKey=$ACCESSKEY + -Ds3.secretKey=$SECRETKEY -Dmetadata-keystore.password=$METADATA_KEYSTORE_PASSWORD + -Dmetadata-keystore.metadata.password=$METADATA_KEY_PASSWORD -Dmessaging.broker.url=$BROKER_URL + -Dmessaging.broker.username=$BROKER_USERNAME -Dmessaging.broker.password=$BROKER_PASSWORD + -Dencryption.ssl.truststore.location=$JAVA_HOME/lib/security/cacerts -Dalfresco_user_store.adminpassword=$REPO_ADMIN_PASSWORD + JAVA_OPTS: -Dindex.subsystem.name=elasticsearch -Delasticsearch.indexName=alfresco + -Delasticsearch.createIndexIfNotExists=true -Dtransform.service.enabled=true -XX:MinRAMPercentage=50 + -XX:MaxRAMPercentage=80 -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.algorithm=DESede + -Dsystem.workflow.engine.activiti.enabled=false -Dsystem.prop_table_cleaner.algorithm=V2 + -Dsystem.delete_not_exists.read_only=false -Dsystem.delete_not_exists.timeout_seconds=3600 + -Dfilecontentstore.subsystem.name=S3 -Ds3.flatRoot=false + RELEASE_NAME: alfresco-content-services +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository-configmap +--- +apiVersion: v1 +data: + CATALINA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + CSRF_FILTER_ORIGIN: https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + CSRF_FILTER_REFERER: https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/.* + JAVA_OPTS: -Dalfresco.proxy=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + REPO_HOST: alfresco-content-services-alfresco-cs-repository + REPO_PORT: "80" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -Xms1024M -Xmx1638M + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc-configmap +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + livenessSavePeriodSeconds: "600" + scheduler.cleanup.interval: "86400000" + scheduler.content.age.millis: "86400000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + IMAGEMAGICK_URL: http://alfresco-content-services-alfresco-cs-imagemagick:80 + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + LIBREOFFICE_URL: http://alfresco-content-services-alfresco-cs-libreoffice:80 + MISC_URL: http://alfresco-content-services-alfresco-cs-transform-misc:80 + PDF_RENDERER_URL: http://alfresco-content-services-alfresco-cs-pdfrenderer:80 + TIKA_URL: http://alfresco-content-services-alfresco-cs-tika:80 +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router-configmap +--- +apiVersion: v1 +data: + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_ENABLED: "true" + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_REFRESHTIME: 0 0 * * * * + ALFRESCO_PATHINDEXINGCOMPONENT_ENABLED: "true" + ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ELASTICSEARCH_INDEXNAME: alfresco + SPRING_ELASTICSEARCH_REST_URIS: http://opensearch-proxy-service-cloud-platform-62a206e0.hmpps-delius-alfrsco-poc.svc.cluster.local:8080 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-configmap +--- +apiVersion: v1 +data: + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_REINDEX_PATHINDEXINGENABLED: "true" + ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ELASTICSEARCH_INDEXNAME: alfresco + SPRING_DATASOURCE_URL: jdbc:postgresql://alfresco-content-services-postgresql-acs:5432/alfresco + SPRING_ELASTICSEARCH_REST_URIS: http://opensearch-proxy-service-cloud-platform-62a206e0.hmpps-delius-alfrsco-poc.svc.cluster.local:8080 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-reindexing-configmap +--- +apiVersion: v1 +data: + reindex.prefixes-file.json: | + { + "prefixUriMap":{ + "":"", + "http://www.alfresco.org/model/aos/1.0":"aos", + "http://www.alfresco.org/model/workflow/invite/nominated/1.0":"inwf", + "http://www.alfresco.org/model/solrfacetcustomproperty/1.0":"srftcustom", + "http://www.alfresco.org/model/datalist/1.0":"dl", + "http://www.alfresco.org/model/webdav/1.0":"webdav", + "http://www.alfresco.org/model/cmis/1.0/cs01ext":"cmisext", + "http://www.alfresco.org/model/distributionpolicies/1.0/model":"dp", + "http://www.alfresco.org/view/repository/1.0":"view", + "http://www.alfresco.org/model/download/1.0":"download", + "http://www.alfresco.org/model/publishing/twitter/1.0":"twitter", + "http://www.alfresco.org/model/action/1.0":"act", + "http://www.alfresco.org/system/registry/1.0":"reg", + "http://www.alfresco.org/model/user/1.0":"usr", + "http://www.alfresco.org/model/calendar":"ia", + "http://www.alfresco.org":"alf", + "http://www.alfresco.org/model/content/metadata/IPTCXMP/1.0":"iptcxmp", + "http://www.alfresco.org/model/application/1.0":"app", + "http://www.alfresco.org/model/surf/1.0":"surf", + "http://www.alfresco.org/model/versionstore/1.0":"ver", + "http://www.alfresco.org/system/modules/1.0":"module", + "http://www.alfresco.org/model/linksmodel/1.0":"lnk", + "http://iptc.org/std/Iptc4xmpExt/2008-02-29/":"Iptc4xmpExt", + "http://ns.adobe.com/photoshop/1.0/":"photoshop", + "http://www.alfresco.org/model/sync/1.0":"sync", + "http://ns.useplus.org/ldf/xmp/1.0/":"plus", + "http://www.alfresco.org/model/zaizi/gdpr/1.0":"gdpr", + "http://www.alfresco.org/model/remotecredentials/1.0":"rc", + "http://www.alfresco.org/model/emailserver/1.0":"emailserver", + "http://www.alfresco.org/model/hybridworkflow/1.0":"hwf", + "http://www.alfresco.org/model/sitecustomproperty/1.0":"stcp", + "http://www.alfresco.org/model/cmis/1.0/cs01":"cmis", + "http://www.alfresco.org/model/transfer/1.0":"trx", + "http://www.alfresco.org/model/rendition/1.0":"rn", + "http://www.alfresco.org/model/exif/1.0":"exif", + "http://www.alfresco.org/model/publishing/youtube/1.0":"youtube", + "http://ns.adobe.com/xap/1.0/rights/":"xmpRights", + "http://www.alfresco.org/model/custommodelmanagement/1.0":"cmm", + "http://www.alfresco.org/model/workflow/invite/moderated/1.0":"imwf", + "http://www.alfresco.org/model/forum/1.0":"fm", + "http://www.alfresco.org/model/rule/1.0":"rule", + "http://www.alfresco.org/model/publishing/linkedin/1.0":"linkedin", + "http://www.alfresco.org/model/publishing/slideshare/1.0":"slideshare", + "http://www.alfresco.org/model/system/1.0":"sys", + "http://www.alfresco.org/model/content/smartfolder/1.0":"smf", + "http://www.alfresco.org/model/zaizi/nomsspg/1.0":"nspg", + "http://www.alfresco.org/model/workflow/1.0":"wf", + "http://www.alfresco.org/model/qshare/1.0":"qshare", + "http://www.alfresco.org/model/versionstore/2.0":"ver2", + "http://www.alfresco.org/model/solrfacet/1.0":"srft", + "http://www.alfresco.org/model/audio/1.0":"audio", + "http://www.alfresco.org/model/blogintegration/1.0":"blg", + "http://www.alfresco.org/model/bpm/1.0":"bpm", + "http://www.alfresco.org/model/site/1.0":"st", + "http://www.alfresco.org/model/imap/1.0":"imap", + "http://www.alfresco.org/model/dictionary/1.0":"d", + "custom.model":"custom", + "http://www.alfresco.org/model/publishing/facebook/1.0":"facebook", + "http://www.alfresco.org/model/content/1.0":"cm", + "http://www.alfresco.org/model/cmis/custom":"cmiscustom", + "http://www.alfresco.org/model/devicesync/1.0":"devicesync", + "http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/":"Iptc4xmpCore", + "http://www.alfresco.org/model/googledocs/2.0":"gd2", + "http://www.alfresco.org/model/publishing/flickr/1.0":"flickr", + "http://www.alfresco.org/model/workflow/resetpassword/1.0":"resetpasswordwf", + "http://www.alfresco.org/model/cmis/1.0/alfcmis":"alfcmis", + "http://www.alfresco.org/model/publishing/1.0":"pub", + "http://purl.org/dc/elements/1.1/":"dc" + } + } +kind: ConfigMap +metadata: + name: prefixes-file +--- +apiVersion: v1 +data: + BROKER_PASSWORD: YWRtaW4= + BROKER_URL: ZmFpbG92ZXI6KG5pbzovL2FsZnJlc2NvLWNvbnRlbnQtc2VydmljZXMtYWN0aXZlbXEtYnJva2VyOjYxNjE2KT90aW1lb3V0PTMwMDAmam1zLnVzZUNvbXByZXNzaW9uPXRydWU= + BROKER_USERNAME: YWRtaW4= +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: acs-alfresco-cs-brokersecret +type: Opaque +--- +apiVersion: v1 +data: + BROKER_PASSWORD: YWRtaW4= + BROKER_USERNAME: YWRtaW4= +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq-brokersecret +type: Opaque +--- +apiVersion: v1 +data: + METADATA_KEY_PASSWORD: b0tJV3pWZEVkQQ== + METADATA_KEYSTORE_PASSWORD: bXA2eWMwVUQ5ZQ== +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-metadata-keystore-secret +type: Opaque +--- +apiVersion: v1 +data: + REPO_ADMIN_PASSWORD: MjA5YzYxNzRkYTQ5MGNhZWI0MjJmM2ZhNWE3YWU2MzQ= +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository-secret +type: Opaque +--- +apiVersion: v1 +data: + ELASTICSEARCH_PASSWORD: "" + ELASTICSEARCH_USERNAME: "" +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq-broker +spec: + ports: + - name: stomp + port: 61613 + protocol: TCP + targetPort: 61613 + - name: openwire + port: 61616 + protocol: TCP + targetPort: 61616 + - name: amqp + port: 5672 + protocol: TCP + targetPort: 5672 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq-web-console +spec: + ports: + - name: web-console + port: 8161 + protocol: TCP + targetPort: 8161 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick +spec: + ports: + - name: imagemagick + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice +spec: + ports: + - name: libreoffice + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer +spec: + ports: + - name: pdfrenderer + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + ports: + - name: alfresco + port: 80 + targetPort: 8080 + selector: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + ports: + - name: share + port: 80 + targetPort: 8080 + selector: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika +spec: + ports: + - name: tika + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + ports: + - name: transformmisc + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore +spec: + ports: + - name: filestore + port: 80 + targetPort: 8099 + selector: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router +spec: + ports: + - name: transform-router + port: 80 + protocol: TCP + targetPort: 8095 + selector: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: activemq-default-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: filestore-default-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + volumeMode: Filesystem +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + spec: + containers: + - env: + - name: ACTIVEMQ_CONFIG_MINMEMORY + value: "512" + - name: ACTIVEMQ_CONFIG_MAXMEMORY + value: "2048" + - name: ACTIVEMQ_BROKER_NAME + value: alfresco-content-services-activemq + - name: ACTIVEMQ_ADMIN_LOGIN + valueFrom: + secretKeyRef: + key: BROKER_USERNAME + name: alfresco-content-services-activemq-brokersecret + - name: ACTIVEMQ_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: BROKER_PASSWORD + name: alfresco-content-services-activemq-brokersecret + image: alfresco/alfresco-activemq:5.17.4-jre17-rockylinux8 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + tcpSocket: + port: 61616 + timeoutSeconds: 1 + name: activemq + ports: + - containerPort: 61613 + name: stomp + - containerPort: 61616 + name: openwire + - containerPort: 5672 + name: amqp + - containerPort: 8161 + name: web-console + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + tcpSocket: + port: 61616 + timeoutSeconds: 1 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.25" + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/activemq/data + name: data + subPath: alfresco-infrastructure/activemq-data + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 33031 + terminationGracePeriodSeconds: 1 + volumes: + - name: data + persistentVolumeClaim: + claimName: activemq-default-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 77504232107df28e3fae1cd91fdc37518dfa5229d21f73e2058e526d7ad89c6b + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-imagemagick + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-imagemagick + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-imagemagick-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-imagemagick:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 1000Mi + requests: + cpu: "0.5" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33002 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: c29b71fae340444799e63ddc2280c00de4c990a3dad047c0ebe70685ef7ab89c + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-libreoffice + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-libreoffice + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-libreoffice-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-libreoffice:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 1000Mi + requests: + cpu: "0.5" + memory: 400Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33003 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: e61eca295784c0d562e9f9e3fa9e70f707291420af8c0ac90b668d14b76b628f + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-pdfrenderer + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-pdfrenderer + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-pdfrenderer-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-pdf-renderer:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 1000Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33001 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: d955f674815090f6eeb81d81622cc02d896f030bdbf1bc89f53335ff61aae588 + checksum/secretDatabase: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secretS3: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + spec: + containers: + - envFrom: + - secretRef: + name: rds-instance-output + - secretRef: + name: s3-bucket-output + - secretRef: + name: alfresco-content-services-alfresco-cs-metadata-keystore-secret + - secretRef: + name: acs-alfresco-cs-brokersecret + - secretRef: + name: alfresco-content-services-alfresco-cs-repository-secret + - configMapRef: + name: alfresco-content-services-alfresco-cs-repository-configmap + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository:content-9895398808-1 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep 20 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-live- + port: 8080 + initialDelaySeconds: 130 + periodSeconds: 20 + timeoutSeconds: 15 + name: alfresco-content-services + ports: + - containerPort: 8080 + - containerPort: 5701 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 3000Mi + requests: + cpu: "1" + memory: 1500Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 10 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + port: 8080 + periodSeconds: 30 + volumeMounts: + - mountPath: /usr/local/tomcat/alf_data + name: data + subPath: alfresco-content-services/repository-data + - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license/ + name: acs-license + imagePullSecrets: + - name: quay-registry-secret + initContainers: null + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + volumes: + - emptyDir: + sizeLimit: 20Gi + name: data + - name: acs-license + secret: + defaultMode: 256 + secretName: alfresco-license + - configMap: + name: custom-pipeline-config + optional: true + name: custom-pipeline-config-volume + - configMap: + name: custom-rendition-config + optional: true + name: custom-rendition-config-volume + - configMap: + name: custom-mimetype-config + optional: true + name: custom-mimetype-config-volume + - configMap: + name: custom-queryset-config + optional: true + name: custom-queryset-config-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + checkov.io/skip1: CKV_K8S_23=Requires APPS-1832 first + checkov.io/skip2: CKV_K8S_40=Requires APPS-1832 first + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 428c2ba2026a88cc7763ac0c1772943157c8a4822def1efc76743b72b74a19f8 + labels: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + spec: + containers: + - envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-share-configmap + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share:share-9895398808-1 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep 20 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 200 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 15 + resources: + limits: + cpu: "4" + memory: 2000Mi + requests: + cpu: "1" + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 65534 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 4ce771746eed38f9cac09952793879c40330a2f75a60d4008c84810fe870eb58 + labels: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-tika + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-tika + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-tika-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-tika:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: "0.25" + memory: 600Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33004 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: c44dc1b790fba68833f95ffeecc6878f057f3dd629b3a44a44b2a8ad1a517119 + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-transform-misc + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-transform-misc + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-transform-misc-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-transform-misc:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 1000Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33006 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 934e365b21db873604fd6ac49595dfd1b1f60f86622c70ed3203cc9c3b4ee0bd + labels: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-filestore + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-filestore + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-filestore-configmap + image: quay.io/alfresco/alfresco-shared-file-store:2.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8099 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8099 + readinessProbe: + httpGet: + path: /ready + port: 8099 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 1000Mi + requests: + cpu: "0.25" + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp/Alfresco + name: data + subPath: alfresco-content-services/filestore-data + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 33030 + volumes: + - name: data + persistentVolumeClaim: + claimName: filestore-default-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: fb79f6128a708bde1b33453f31a1256968707e33ada087e455905c133a62c1f1 + checksum/config-routes: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-router + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-router + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-router-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-transform-router:2.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /actuator/health + port: 8095 + initialDelaySeconds: 140 + periodSeconds: 120 + timeoutSeconds: 60 + name: alfresco-content-services + ports: + - containerPort: 8095 + readinessProbe: + httpGet: + path: /actuator/health + port: 8095 + initialDelaySeconds: 140 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33016 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-content:3.2.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-content + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-mediation +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-mediation:3.2.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-mediation + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-metadata:3.2.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-metadata + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-path +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-path:3.2.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-path + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: 5g + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-name: alf_affinity_route + nginx.ingress.kubernetes.io/whitelist-source-range: 35.176.126.163,35.178.162.73,52.56.195.113,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32 + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + ingressClassName: default + rules: + - host: hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: /api-explorer + pathType: Prefix + tls: + - hosts: + - hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: 5g + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-expires: "604800" + nginx.ingress.kubernetes.io/session-cookie-max-age: "604800" + nginx.ingress.kubernetes.io/session-cookie-name: alfrescoShare + nginx.ingress.kubernetes.io/session-cookie-path: /share + nginx.ingress.kubernetes.io/whitelist-source-range: 35.176.126.163,35.178.162.73,52.56.195.113,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32 + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + ingressClassName: default + rules: + - host: share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: /share/page/ + pathType: Prefix + tls: + - hosts: + - share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + secretName: share-ingress-cert diff --git a/kustomize/dev/patch-ingress-repository.yaml b/kustomize/dev/patch-ingress-repository.yaml new file mode 100644 index 0000000..2ebd8c5 --- /dev/null +++ b/kustomize/dev/patch-ingress-repository.yaml @@ -0,0 +1,29 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: alfresco-content-services-alfresco-cs-repository + annotations: + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-dev-green + nginx.ingress.kubernetes.io/whitelist-source-range: placeholder +spec: + rules: + - host: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: /api-explorer + pathType: Prefix + tls: + - hosts: + - hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/dev/patch-ingress-share.yaml b/kustomize/dev/patch-ingress-share.yaml new file mode 100644 index 0000000..05e61d4 --- /dev/null +++ b/kustomize/dev/patch-ingress-share.yaml @@ -0,0 +1,30 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: alfresco-content-services-alfresco-cs-share + annotations: + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green + nginx.ingress.kubernetes.io/whitelist-source-range: placeholder +spec: + rules: + - host: share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: /share/page/ + pathType: Prefix + tls: + - hosts: + - share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + secretName: share-ingress-cert diff --git a/kustomize/dev/values.yaml b/kustomize/dev/values.yaml new file mode 100644 index 0000000..cdb0e82 --- /dev/null +++ b/kustomize/dev/values.yaml @@ -0,0 +1,10 @@ +# this file overrides values defined in ./values.yaml +repository: + replicaCount: 2 +share: + replicaCount: 1 +database: + url: jdbc:postgresql://cloud-platform-9a95f5dfd5d72b23.cdwm328dlye6.eu-west-2.rds.amazonaws.com:5432/alfresco +externalHost: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk +externalProtocol: https +externalPort: 443